1. Field of the Invention
This invention relates to the field of computer security. More particularly, methods and apparatus are provided for integrated intrusion deflection, detection and introspection.
2. Related Art
Intrusion into an organization's network can be difficult to deflect or detect without sophisticated tools and processes, such as firewalls, honeypots, demilitarized zones (DMZs), packet filtering, stateful packet inspection, and so on. DMZs are employed to separate external users and potential intruders from an organization's internal computer resources, while honeypots are used to lure potential attackers to isolated computer systems that are instrumented to detect and monitor intrusion attempts.
Large organizations tend to operate large networks, and therefore usually dedicate multiple computer systems to operating computer security tools and processes. For example, both DMZs and honeypots traditionally require dedicated hardware and must be individually monitored, and the amount of external traffic may require multiple dedicated computer systems—depending on the size of the network, number and configuration of external connections, and/or other factors.
Thus, management and administration of network security tools and processes can be very time-consuming and complex, and any mistake in their configuration or operation may open security vulnerabilities that potential intruders are only too happy to exploit. As a network expands and evolves, more and more dedicated resources may need to be deployed, thereby making the network's security even more complex.